Mtons Mblog vulnerabilities
14 known vulnerabilities affecting mtons/mblog.
Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM9LOW3
Vulnerabilities
Page 1 of 1
CVE-2025-9004P2CRITICALCVSS 9.1≤ 3.5.0v3.0+5 more2025-08-15
CVE-2025-9004 [CRITICAL] CWE-307 CVE-2025-9004: A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of
A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit h
nvd
CVE-2024-28713P3CRITICALCVSS 9.8v3.5.02024-03-28
CVE-2024-28713 [CRITICAL] CWE-434 CVE-2024-28713: An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted fil
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.
nvd
CVE-2025-8992P4MEDIUMCVSS 6.5≤ 3.5.0v3.0+5 more2025-08-15
CVE-2025-8992 [MEDIUM] CWE-352 CVE-2025-8992: A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown fu
A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-9433P4MEDIUMCVSS 6.1≤ 3.5.0v3.0+5 more2025-08-26
CVE-2025-9433 [MEDIUM] CWE-79 CVE-2025-9433: A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of
A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
nvd
CVE-2025-9432P4MEDIUMCVSS 6.1≤ 3.5.0v3.0+5 more2025-08-26
CVE-2025-9432 [MEDIUM] CWE-79 CVE-2025-9432: A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown functi
A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-9431P4MEDIUMCVSS 6.1≤ 3.5.0v3.0+5 more2025-08-26
CVE-2025-9431 [MEDIUM] CWE-79 CVE-2025-9431: A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /searc
A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
nvd
CVE-2025-9647P4MEDIUMCVSS 6.1≤ 3.5.0v3.0+5 more2025-08-29
CVE-2025-9647 [MEDIUM] CWE-79 CVE-2025-9647: A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processin
A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
nvd
CVE-2025-9429P4MEDIUMCVSS 5.4≤ 3.5.0v3.0+5 more2025-08-26
CVE-2025-9429 [MEDIUM] CWE-79 CVE-2025-9429: A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects un
A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
nvd
CVE-2024-13199P4MEDIUMCVSS 6.1v3.5.02025-01-09
CVE-2024-13199 [MEDIUM] CWE-79 CVE-2024-13199: A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by
A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may
nvd
CVE-2025-9407P4MEDIUMCVSS 5.4≤ 3.5.0v3.0+5 more2025-08-25
CVE-2025-9407 [MEDIUM] CWE-79 CVE-2025-9407: A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown funct
A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. Other parameters might be affected as well.
nvd
CVE-2025-9430P4MEDIUMCVSS 4.8≤ 3.5.0v3.0+5 more2025-08-26
CVE-2025-9430 [MEDIUM] CWE-79 CVE-2025-9430: A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing
A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.
nvd
CVE-2025-8927P4LOWCVSS 3.7≤ 3.5.0v3.0+5 more2025-08-13
CVE-2025-8927 [LOW] CWE-307 CVE-2025-8927: A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown fu
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack
nvd
CVE-2024-13198P4LOWCVSS 3.7v3.5.02025-01-09
CVE-2024-13198 [LOW] CWE-203 CVE-2024-13198: A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affecte
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has
nvd
CVE-2025-9005P4LOWCVSS 3.7≤ 3.5.0v3.0+5 more2025-08-15
CVE-2025-9005 [LOW] CWE-200 CVE-2025-9005: A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the fi
A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the
nvd